PT-2026-36859

Name of the Vulnerable Software and Affected Versions Notesnook Web/Desktop versions prior to 3.3.15 Notesnook iOS/Android versions prior to 3.3.20 Description A stored Cross-Site Scripting XSS issue exists in the note export flow. The problem occurs because exported note fields, including title,...

Astra Linux – Vulnerability in cups-filters

“cups-filters” contains backends, filters, and other software required to make the cups printing service work on operating systems other than macOS. In “cups-filters” before version 1.28.18, an attacker could create a PDF file with a high value for “MediaBox”, causing the “pdftoraster” tool in...

Astra Linux – Vulnerability in Chromium

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...

Astra Linux – Vulnerability in poppler-22

A vulnerability in Outline.cc for Poppler prior to version 23.06.0 allows a remote attacker to cause a Denial of Service DoS attack through a crafted PDF file using the OutlineItem::open method...

Astra Linux – Vulnerability in Firefox and Thunderbird

If a user opens a specially crafted PDF file, the PDF reader may be tricked into leaking cross-origin information, when such information is served as chunked data. This vulnerability affects Firefox versions earlier than 85, Thunderbird versions earlier than 78.7, and Firefox ESR versions earlier...

Astra Linux – Vulnerability in htmldoc

A flaw was discovered in htmldoc commit 31f7804. A heap buffer overflow in the pdfwritenames function in ps-pdf.cxx may lead to arbitrary code execution and a Denial of Service DoS attack...

Astra Linux – Vulnerability in poppler, poppler-22

Poppler prior to and including version 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image may lead to a crash or the execution of arbitrary code. This is similar to the vulnerability...

Astra Linux – Vulnerability in imagemagick

An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values that are outside the representable range for ‘unsigned char’. When ImageMagick processes a specially crafted PDF file, this...

Astra Linux – Vulnerability in Poppler

A vulnerability was discovered in the freedesktop Poppler version 20.12.1. This vulnerability allows remote attackers to trigger a Denial-of-Service DoS attack through a crafted .pdf file, targeting the FoFiType1C::cvtGlyph function...

Astra Linux - уязвимость в chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of “after free” in PDFs in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...

Astra Linux – Vulnerability in GhostScript

Artifex Ghostscript before version 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in the function pdfbasefontalloc...

Astra Linux – Vulnerability in Chromium

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...

Astra Linux – Vulnerability in qpdf

A issue was discovered in QPDF version 10.0.4, allowing remote attackers to execute arbitrary code via a crafted .pdf file, through the PlASCII85Decoder::write parameter in libqpdf...

Astra Linux – Vulnerability in poppler, poppler-22

A logical error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service DoS attack through a crafted PDF file...

Astra Linux – Vulnerability in qpdf

QPDF versions 9.x through 9.1.1, and 10.x through 10.0.4 have a heap-based buffer overflow in the PlASCII85Decoder::write function invoked from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write operation fails...

Astra Linux – Vulnerability in Poppler

A flaw was discovered in Poppler regarding the way certain PDF files are converted into HTML format. A remote attacker could exploit this flaw by providing a malicious PDF file. When such a file is processed by the ‘pdftohtml’ program, it could cause the application to crash, resulting in a denia...

Astra Linux – Vulnerability in Chromium

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...

WordPress PDF Poster – Display PDF Files with Custom Viewer plugin <= 2.2.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin PDF Poster versions = 2.2.0...

python311-pypdf-6.10.2-2.1 on GA media (moderate)

python311-pypdf-6.10.2-2.1 on GA media Announcement ID: openSUSE-SU-2026:10658-1 Rating: moderate Cross-References: CVE-2026-41168 CVE-2026-41312 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed i...